The present invention generally pertains to systems and methods for accessing a hosted service over a network. More specifically, the present invention deals with methods for providing secure access to a hosted service via a client application.
The functionality of certain software applications can be extended through services offered through a network such as the Internet. Communication with the provider of services should be secure in order to protect the interests of both the host of the application and the service provider.
Retail management systems are a specific area where securing communication with a remote service provider is challenging. In order to achieve some degree of automation, retail businesses often implement a specialized software application. Many of these applications are point-of-sale solutions that enable at least partial automation of any of a number of processes such as customer tracking and inventory management. One example of such a software application is Microsoft Retail Management System (MRMS) provided by Microsoft Corporation of Redmond, Wash. Other examples of such software applications include back office systems, store room and shipping applications, MRMS Headquarters and warehouse management software.
It is common for retail management software applications to be installed on multiple computers (e.g., connected by a Local Access Network) that operate in conjunction with a central database. In some instances, extended functionality is available to the retail application in the form of remote services delivered by a service provider through the Internet. Such extended functionality may include, by way of example, payment card processing, integration with e-commerce web hosting or merchandising services. These and other services may be provided for free or based on a payment scheme involving, for example, subscription or per access based charges such as billing per transaction and metered billing (e.g. based on disk usage, quality/speed/level of service).
User access is an important area of consideration for many of the described and other remote service systems. For example, distributing appropriate access rights to different users in some customized manner (e.g., different employees or employee roles are assigned different access rights) is often a desirable capability.
Some hosted web services are only designed to support a single user login account per application account. This can be impractical in many environments, such as a retail sales environment wherein there is often a high turnover in staff and a need to provide access to multiple users (e.g. more than one person doing shipping of product sold on-line, different users on separate shifts, more than one person needed to update e-commerce website product listings). Furthermore, it is conceivable for a software application to provide its own user authentication system that eliminates the necessity of user authentication with a hosted service. It is desirable to provide “seamless” integration of an application and a hosted web service without requiring unnecessary log-in steps and password transactions. For example, it is undesirable to maintain and update separate employee user accounts for an on-line service.